that come from Egypt and packets that
come from Italy, let’s say,” Dainotti
explains. Using these tools, they were
able to tally how many packets per second were coming from each country
during any given period. For example,
as shown in their paper, the researchers were able to see a clear and sharp
drop in the packet rate from Egypt
starting late January 27, 2011, and a
return to normal traffic levels around
midday Cairo time on February 2, when
the government restored Internet access. Several days later, Egypt’s president, Hosni Mubarak, was forced to
step down amidst continued protests
and international pressure.

Dainotti and his team used the
same method to analyze traffic trends
from Libya following anti-Gaddafi protests there. “I was surprised we could
see the signal so vividly,” says K.C.
Claffy, CAIDA’s founder and principal
investigator for the research. The darknet traffic is a mess that includes traffic
that uses fake source addresses, adding significant noise to the data; however, the signal from both countries
came through loud and clear because
of the sheer number of infected hosts
sending out IBR. Looking at real Internet traffic, as opposed to malware,
might have yielded even cleaner results
in theory, but privacy concerns make
it illegal for service providers to share
such information.
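The per-country tally described above, and the way a real drop still stands out against stray packets with fake source addresses, can be sketched as follows. This is an added example, not code from the researchers or their paper; the prefix-to-country table, the packet records, the 60-second bins and the 20% threshold are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict
from statistics import median

# Constructed prefix-to-country table using documentation ranges, not real allocations.
PREFIX_COUNTRY = [(ipaddress.ip_network("198.51.100.0/24"), "EG"),
                  (ipaddress.ip_network("203.0.113.0/24"), "IT")]

def country_of(src):
    """Map a source address to a country code, or None if it is unmapped."""
    addr = ipaddress.ip_address(src)
    return next((cc for net, cc in PREFIX_COUNTRY if addr in net), None)

def rates_per_country(packets, bin_seconds):
    """packets: (unix_ts, src_ip) pairs -> {country: {bin_start: packets/second}}."""
    counts = defaultdict(Counter)
    for ts, src in packets:
        cc = country_of(src)
        if cc is not None:
            counts[cc][int(ts) // bin_seconds * bin_seconds] += 1
    return {cc: {b: n / bin_seconds for b, n in bins.items()}
            for cc, bins in counts.items()}

def outage_bins(rates, all_bins, baseline_bins, drop_fraction=0.2):
    """Bins whose rate is below drop_fraction of the median baseline rate.
    A bin with no packets is absent from `rates`, so it is read as rate 0."""
    base = median(rates.get(b, 0.0) for b in baseline_bins)
    return [b for b in all_bins if rates.get(b, 0.0) < drop_fraction * base]

def sample_packets(bin_seconds=60):
    """Constructed capture: six bins; 'EG' goes quiet in bins 3 and 4."""
    eg_per_bin = [30, 28, 31, 0, 2, 29]   # 2 = stray packets, e.g. spoofed sources
    it_per_bin = [20, 21, 19, 20, 22, 20]
    pkts = []
    for i, (eg, it) in enumerate(zip(eg_per_bin, it_per_bin)):
        start = i * bin_seconds
        pkts += [(start + k, "198.51.100.%d" % (k % 250 + 1)) for k in range(eg)]
        pkts += [(start + k, "203.0.113.%d" % (k % 250 + 1)) for k in range(it)]
        pkts.append((start, "192.0.2.7"))  # unmapped source, ignored
    return pkts

def detect(bin_seconds=60):
    """Run the tally on the constructed capture; first three bins are the baseline."""
    rates = rates_per_country(sample_packets(bin_seconds), bin_seconds)
    bins = [i * bin_seconds for i in range(6)]
    return {cc: outage_bins(r, bins, bins[:3]) for cc, r in rates.items()}

if __name__ == "__main__":
    print(detect())
```

Comparing against a baseline median rather than testing for zero is what keeps the bin with two stray packets classified as part of the outage.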

So malware proved to be an asset, but pinpointing packets by country was only the beginning. “What’s interesting and new about our analysis is it gives us the opportunity to study the chronology of the event that no other source of data allows you to do,” Claffy says. For example, once they had figured out which packets were coming from Egypt, they were able to map these packets to their autonomous systems of origin, such as Egyptian Telecom, the proprietary networks operating the Egyptian Stock Exchange, and the famed Library of Alexandria. The researchers could see that at the beginning of the outage, while most networks had been shut down, the stock exchange was still up and running, presumably because the government did not want to disrupt trading. Ultimately, though, even the stock exchange went down. “Things got worse in Egypt, and people were using the remaining networks to communicate with the world, so I’m imagining that the government was panicking, and they started shutting down everything,” says Dainotti.

“Once you know the tools and methods they are using to block you, you can think about how to mitigate the effects of the shutdown,” says Edward Felten.

Mubarak’s last-ditch approach
to censorship in Egypt was extreme,
Dainotti explains, in that the dictator
completely isolated entire autonomous systems from the rest of the Internet. Dainotti’s team was able to see
this blunt cutoff, called BGP blocking,
through information about the availability of sub-networks, which are
also called prefixes, that comprise the
autonomous systems. Normally, Dainotti explains, “a network advertises
its own prefixes, and says to the world,
‘You can reach me from here.’ So when
they shut down the Internet, they basically withdrew the advertisement of
their routes, so suddenly these prefixes
disappeared from the world and nobody knew how to reach them because
the autonomous systems themselves
said, ‘OK, I don’t have these routes anymore, I’m not advertising these prefixes
anymore.’” Through their analysis, the
researchers were able to show that all
of Egypt went down within a 10-minute
period around 10:30 Greenwich
Mean Time on January 27. It is unknown how the government was able
to topple connectivity so quickly, but
it appears network operators complied under duress. A post-outage
statement issued by Vodafone, for
example, mentions “the safety of our
employees,” notes its lack of legal
options, and says if the Egyptian authorities had exercised their technical
capability to close the Vodafone net-

Milestones
Gödel Prize and Other CS Awards

The European Association for Theoretical Computer Science (EATCS), the ACM Special Interest Group on Algorithms and Computation Theory (SIGACT), and the ACM Special Interest Group on Knowledge Discovery and Data Mining (SIGKDD) recently honored 10 leading computer scientists.

EATCS Distinguished Achievements Award

EATCS presented the 2012 Distinguished Achievements Award to Moshe Y. Vardi, Karen Ostrum George Professor in Computational Engineering, Rice University, in acknowledgment of his “extensive and widely recognized contributions to theoretical computer science over a lifelong scientific career” and “a long service record and a strong leadership in the field.”

KDD Innovation Award

SIGKDD conferred the KDD Innovation Award to Vipin Kumar, William Norris Professor, University of Minnesota, for “his technical contributions to foundational research in data mining and its applications to mining scientific and climate data.”
—Jack Rosenberger